[Pkg-samba-maint] Bug#845342: samba-common-bin: nmblookup broken over routed connection?

herrmann herrmann at glatz.de
Tue Nov 22 16:17:09 UTC 2016 

Package: samba-common-bin
Version: 2:4.2.10+dfsg-0+deb8u3
Severity: important
Tags: upstream

Today we had the (very!) rare chance to restart all our windows 2012 domain
controllers and to apply all outstanding windows updates of the past few
monthes.

Since then nmblookup is no longer able to lookup names or ip addresses when the
target is accessible over a routed connection only. It works well, when the
target is in the same subnet. We use nmblookup on a daily base, and until
yesterday it worked. So I guess, that one of the windows updates is responsible
for this new behaviour (maybe CVE-2016-3236).

Looking up the domain controllers Port 137 UDP (which is used by nmblookup)
with nmap on a routed connection shows the port as closed. Looking up the same
port on a direct connection shows it as open. This behaviour seems not to be
linked to the windows firewall.

I may be hunting a ghost, but if not, it might be a good idea, to consider
nmblookup dead and either mark it as deprecated or better remove it from the
package. There are other ways, to find domain controllers and their addresses.

Unfortunately I have no idea, which other packages might depend on nmblookup.
In my case it was basic_smb_auth.sh in package squid3, which no longer works
(so I replaced the lookups with static entries).



-- System Information:
Debian Release: 8.6
  APT prefers stable
  APT policy: (700, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba-common-bin depends on:
ii  libbsd0        0.7.0-2
ii  libc6          2.19-18+deb8u6
ii  libldap-2.4-2  2.4.40+dfsg-1+deb8u2
ii  libncurses5    5.9+20140913-1+b1
ii  libpopt0       1.16-10
ii  libreadline6   6.3-8+b3
ii  libtalloc2     2.1.2-0+deb8u1
ii  libtdb1        1.3.6-0+deb8u1
ii  libtevent0     0.9.25-0+deb8u1
ii  libtinfo5      5.9+20140913-1+b1
ii  libwbclient0   2:4.2.10+dfsg-0+deb8u3
ii  python         2.7.9-1
ii  python-samba   2:4.2.10+dfsg-0+deb8u3
pn  python2.7:any  <none>
ii  samba-common   2:4.2.10+dfsg-0+deb8u3
ii  samba-libs     2:4.2.10+dfsg-0+deb8u3

samba-common-bin recommends no packages.

Versions of packages samba-common-bin suggests:
pn  heimdal-clients  <none>

-- no debconf information

More information about the Pkg-samba-maint mailing list